Latest Internet & Cybersecurity News
16 billion credential “mega‑leak” — largest password aggregation discovered
Researchers uncovered an aggregated dataset of over 16 billion exposed login credentials compiled from infostealer malware and prior breaches, creating a vast credential reuse risk for Google, Apple, Facebook and other services. The dataset was hosted openly for a period, enabling large‑scale credential stuffing and account takeover attempts.
Salesforce/Salesloft/Drift OAuth supply‑chain compromise
A major SaaS supply‑chain compromise targeted the integrations between Drift (acquired by Salesloft) and Salesforce, allowing attackers to steal OAuth tokens and access hundreds of organisations via token reuse. The incident is considered one of 2025’s largest SaaS‑integration breaches and highlighted OAuth/device‑flow risks used in later phishing campaigns.
Red Hat consulting GitLab breach exposes consulting blueprints and customer configs
A breach of a self‑managed GitLab instance used by Red Hat Consulting reportedly resulted in ~570 GB of exfiltrated data and thousands of repositories containing VPN configs, API keys and customer engagement reports, potentially affecting many enterprise and government clients. Red Hat did not confirm all claims, but the event emphasised supply‑chain and third‑party consulting risks.
UK, US and Australia sanction Russian 'Media Land' hosting and associated actors
Western governments coordinated sanctions against the Russian bulletproof hosting operator Media Land and associated individuals accused of enabling malware, phishing and ransomware campaigns against Western firms. The move targets infrastructure used by groups linked to Evil Corp, LockBit and Black Basta to disrupt criminal hosting services.
Rapid exploitation of vulnerabilities — weaponisation within hours
2025 saw attackers weaponise disclosed vulnerabilities far faster, often within hours of advisories, with public‑facing VPNs, firewalls, email gateways and cloud identity providers heavily targeted, increasing urgency for faster patching and risk prioritisation. Analysts warned that old, well‑known CVEs continued to account for many successful intrusions.
Fortinet, WatchGuard and other appliance exposures lead to mass attack risk
Shadowserver and other researchers reported tens of thousands of exposed Fortinet/FortiCloud and other appliance instances vulnerable to critical authentication and remote‑exploit issues, leaving them susceptible to ongoing campaigns. Multiple vendors issued patches and advisories as exploitation was observed in the wild.
OAuth device‑code phishing waves compromise Microsoft 365 accounts
Attackers increasingly abused Microsoft’s device authorization flow by tricking users into entering legitimate device codes, thereby granting attacker‑controlled apps access to Microsoft 365 accounts without stealing passwords or bypassing MFA directly. Law enforcement and industry reported many successful account compromises using this technique across 2025.
Ransomware groups evolve encryption and double‑extortion tactics
RansomHouse and other ransomware operators upgraded encryption schemes (e.g., multi‑key ‘Mario’ method) and doubled down on data theft extortion, making backups alone less effective and complicating incident response and decryption efforts. Analysts urged faster detection and cross‑sector coordination to mitigate impact.
Crypto sector thefts set new annual record — $2.7B stolen
Blockchain monitoring firms reported over $2.7 billion in cryptocurrency thefts during 2025, led by a ~$1.4 billion heist at Bybit, with attribution pointing at North Korean‑linked groups for several large exchanges and DeFi protocol breaches. The scale underscores continued risk to centralized exchanges and smart‑contract projects.
La Poste (France) hit by cyberattack disrupting postal digital services
France’s national postal service experienced a cyberattack that knocked online payments and digital services offline, delaying deliveries and demonstrating pervasive operational impact from targeted intrusions on public services. Authorities and industry continue investigations into disruption and recovery measures.
Cl0p exploitation of Oracle E‑Business Suite caused widespread extortion campaigns
In 2025 the Cl0p group widely exploited an Oracle EBS remote code execution flaw to extort dozens of organisations, prompting Oracle to issue an out‑of‑band patch and causing notable operational disruption across multiple sectors. The incident illustrated the high impact when deeply embedded enterprise apps are vulnerable.
Privacy browser extensions found harvesting millions of AI chats
Investigations revealed ‘privacy’ browser extensions that instead harvested and exfiltrated over 8 million AI chat sessions, raising privacy and intellectual property concerns for organisations using AI assistants. Security teams were advised to audit extensions and restrict unmanaged browser extensions in enterprise environments.
CISA mandates patching of actively exploited GeoServer XXE flaw for federal agencies
CISA ordered federal civilian agencies to patch a critical XML External Entity (XXE) vulnerability in GeoServer that is included in the Known Exploited Vulnerabilities catalog due to active exploitation and the risk of arbitrary file retrieval. The directive highlighted continued focus on known‑exploited CVEs for rapid mitigation.
Global law enforcement disrupts phishing‑as‑a‑service and arrests operators
International operations led to arrests connected to ‘RaccoonO365’ phishing‑as‑a‑service schemes, with seizures and cooperation between Nigeria, Microsoft, FBI and US Secret Service demonstrating effective multinational disruption of PhaaS networks. These takedowns reduce some threat infrastructure, but attackers adapt quickly.
Industry warnings as key CISA ransomware program staff depart
CISA lost a key employee involved in early ransomware warning program operations, raising questions about continuity for a program credited with preventing substantial economic impact and indicating potential personnel challenges for critical public‑private initiatives.